Rapid7 Vulnerability & Exploit Database

Sun Patch: SunOS 5.10_x86: Kerberos patch

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Sun Patch: SunOS 5.10_x86: Kerberos patch

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Published

02/06/2013

Created

07/25/2018

Added

02/08/2013

Modified

05/09/2019

Description

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.

Solution(s)

sunpatch-solaris-147794

References

https://attackerkb.com/topics/cve-2002-2443
63555
68908
68909
69168
CVE - 2002-2443
CVE - 2013-1417
CVE - 2013-1418
CVE - 2014-4341
CVE - 2014-4342
CVE - 2014-4345
DSA-2701
DSA-3000
RHSA-2013:0942
RHSA-2014:1255
RHSA-2015:0439
147794-19
147794-20
147794-21
147794-22
147794-23
94903
94904
95212

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;